From 94cb3c556f3be880c259f8bf8ef64d647c78c900 Mon Sep 17 00:00:00 2001 From: chrislovecnm Date: Sat, 22 Jul 2017 07:43:44 -0600 Subject: [PATCH] Allow for kops to skip the creation of an Internet Gateway This PR adds a new API field called networkRequireGateway which when set to false stops the creation of an IGW, and a default route is not added to the route table. --- pkg/apis/kops/cluster.go | 2 + pkg/apis/kops/v1alpha1/cluster.go | 2 + .../kops/v1alpha1/zz_generated.conversion.go | 2 + .../kops/v1alpha1/zz_generated.deepcopy.go | 9 +++++ pkg/apis/kops/v1alpha2/cluster.go | 2 + .../kops/v1alpha2/zz_generated.conversion.go | 2 + .../kops/v1alpha2/zz_generated.deepcopy.go | 9 +++++ pkg/apis/kops/zz_generated.deepcopy.go | 9 +++++ pkg/model/network.go | 40 ++++++++++++------- 9 files changed, 63 insertions(+), 14 deletions(-) diff --git a/pkg/apis/kops/cluster.go b/pkg/apis/kops/cluster.go index e0c54b04e2df..5702c48a8441 100644 --- a/pkg/apis/kops/cluster.go +++ b/pkg/apis/kops/cluster.go @@ -74,6 +74,8 @@ type ClusterSpec struct { AdditionalNetworkCIDRs []string `json:"additionalNetworkCIDRs,omitempty"` // NetworkID is an identifier of a network, if we want to reuse/share an existing network (e.g. an AWS VPC) NetworkID string `json:"networkID,omitempty"` + // NetworkRequireGateway set to false and a gateway will not be created. Only supported in AWS at this time. + NetworkRequireGateway *bool `json:"networkRequireGateway,omitempty"` // Topology defines the type of network topology to use on the cluster - default public // This is heavily weighted towards AWS for the time being, but should also be agnostic enough // to port out to GCE later if needed diff --git a/pkg/apis/kops/v1alpha1/cluster.go b/pkg/apis/kops/v1alpha1/cluster.go index 253f3629547a..7a8b319360f6 100644 --- a/pkg/apis/kops/v1alpha1/cluster.go +++ b/pkg/apis/kops/v1alpha1/cluster.go 
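Review bot: The doc comment on `NetworkRequireGateway` does not say what a nil (absent) value means, and it reads as an instruction rather than a description of the field; from the network.go hunk, nil and true both create the gateway and the default route, and only an explicit false skips them. Suggest `// NetworkRequireGateway controls whether an Internet Gateway and a default route are created for the VPC. When nil or true (the default) they are created; set to false to skip both. Only supported in AWS at this time.` The same comment is duplicated in the v1alpha1 and v1alpha2 cluster.go hunks and should be updated there as well.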
@@ -73,6 +73,8 @@ type ClusterSpec struct { AdditionalNetworkCIDRs []string `json:"additionalNetworkCIDRs,omitempty"` // NetworkID is an identifier of a network, if we want to reuse/share an existing network (e.g. an AWS VPC) NetworkID string `json:"networkID,omitempty"` + // NetworkRequireGateway set to false and a gateway will not be created. Only supported in AWS at this time. + NetworkRequireGateway *bool `json:"networkRequireGateway,omitempty"` // Topology defines the type of network topology to use on the cluster - default public // This is heavily weighted towards AWS for the time being, but should also be agnostic enough // to port out to GCE later if needed diff --git a/pkg/apis/kops/v1alpha1/zz_generated.conversion.go b/pkg/apis/kops/v1alpha1/zz_generated.conversion.go index 70b7b3bfb63c..7c3b4be06027 100644 --- a/pkg/apis/kops/v1alpha1/zz_generated.conversion.go +++ b/pkg/apis/kops/v1alpha1/zz_generated.conversion.go @@ -610,6 +610,7 @@ func autoConvert_v1alpha1_ClusterSpec_To_kops_ClusterSpec(in *ClusterSpec, out * out.NetworkCIDR = in.NetworkCIDR out.AdditionalNetworkCIDRs = in.AdditionalNetworkCIDRs out.NetworkID = in.NetworkID + out.NetworkRequireGateway = in.NetworkRequireGateway if in.Topology != nil { in, out := &in.Topology, &out.Topology *out = new(kops.TopologySpec) @@ -855,6 +856,7 @@ func autoConvert_kops_ClusterSpec_To_v1alpha1_ClusterSpec(in *kops.ClusterSpec, out.NetworkCIDR = in.NetworkCIDR out.AdditionalNetworkCIDRs = in.AdditionalNetworkCIDRs out.NetworkID = in.NetworkID + out.NetworkRequireGateway = in.NetworkRequireGateway if in.Topology != nil { in, out := &in.Topology, &out.Topology *out = new(TopologySpec) diff --git a/pkg/apis/kops/v1alpha1/zz_generated.deepcopy.go b/pkg/apis/kops/v1alpha1/zz_generated.deepcopy.go index 2e74ede4165b..fef59a3519bf 100644 --- a/pkg/apis/kops/v1alpha1/zz_generated.deepcopy.go +++ b/pkg/apis/kops/v1alpha1/zz_generated.deepcopy.go 
@@ -531,6 +531,15 @@ func (in *ClusterSpec) DeepCopyInto(out *ClusterSpec) { *out = make([]string, len(*in)) copy(*out, *in) } + if in.NetworkRequireGateway != nil { + in, out := &in.NetworkRequireGateway, &out.NetworkRequireGateway + if *in == nil { + *out = nil + } else { + *out = new(bool) + **out = **in + } + } if in.Topology != nil { in, out := &in.Topology, &out.Topology if *in == nil { diff --git a/pkg/apis/kops/v1alpha2/cluster.go b/pkg/apis/kops/v1alpha2/cluster.go index 6bf220a8a12c..89f733f8ed88 100644 --- a/pkg/apis/kops/v1alpha2/cluster.go +++ b/pkg/apis/kops/v1alpha2/cluster.go @@ -71,6 +71,8 @@ type ClusterSpec struct { AdditionalNetworkCIDRs []string `json:"additionalNetworkCIDRs,omitempty"` // NetworkID is an identifier of a network, if we want to reuse/share an existing network (e.g. an AWS VPC) NetworkID string `json:"networkID,omitempty"` + // NetworkRequireGateway set to false and a gateway will not be created. Only supported in AWS at this time. + NetworkRequireGateway *bool `json:"networkRequireGateway,omitempty"` // Topology defines the type of network topology to use on the cluster - default public // This is heavily weighted towards AWS for the time being, but should also be agnostic enough // to port out to GCE later if needed diff --git a/pkg/apis/kops/v1alpha2/zz_generated.conversion.go b/pkg/apis/kops/v1alpha2/zz_generated.conversion.go index 1f3d7d94d998..534313a9ab8d 100644 --- a/pkg/apis/kops/v1alpha2/zz_generated.conversion.go +++ b/pkg/apis/kops/v1alpha2/zz_generated.conversion.go @@ -656,6 +656,7 @@ func autoConvert_v1alpha2_ClusterSpec_To_kops_ClusterSpec(in *ClusterSpec, out * out.NetworkCIDR = in.NetworkCIDR out.AdditionalNetworkCIDRs = in.AdditionalNetworkCIDRs out.NetworkID = in.NetworkID + out.NetworkRequireGateway = in.NetworkRequireGateway if in.Topology != nil { in, out := &in.Topology, &out.Topology *out = new(kops.TopologySpec) 
@@ -917,6 +918,7 @@ func autoConvert_kops_ClusterSpec_To_v1alpha2_ClusterSpec(in *kops.ClusterSpec, out.NetworkCIDR = in.NetworkCIDR out.AdditionalNetworkCIDRs = in.AdditionalNetworkCIDRs out.NetworkID = in.NetworkID + out.NetworkRequireGateway = in.NetworkRequireGateway if in.Topology != nil { in, out := &in.Topology, &out.Topology *out = new(TopologySpec) diff --git a/pkg/apis/kops/v1alpha2/zz_generated.deepcopy.go b/pkg/apis/kops/v1alpha2/zz_generated.deepcopy.go index f3744e478950..89b311d8f224 100644 --- a/pkg/apis/kops/v1alpha2/zz_generated.deepcopy.go +++ b/pkg/apis/kops/v1alpha2/zz_generated.deepcopy.go @@ -524,6 +524,15 @@ func (in *ClusterSpec) DeepCopyInto(out *ClusterSpec) { *out = make([]string, len(*in)) copy(*out, *in) } + if in.NetworkRequireGateway != nil { + in, out := &in.NetworkRequireGateway, &out.NetworkRequireGateway + if *in == nil { + *out = nil + } else { + *out = new(bool) + **out = **in + } + } if in.Topology != nil { in, out := &in.Topology, &out.Topology if *in == nil { diff --git a/pkg/apis/kops/zz_generated.deepcopy.go b/pkg/apis/kops/zz_generated.deepcopy.go index 2866174285a3..f8919ffb8b57 100644 --- a/pkg/apis/kops/zz_generated.deepcopy.go +++ b/pkg/apis/kops/zz_generated.deepcopy.go @@ -629,6 +629,15 @@ func (in *ClusterSpec) DeepCopyInto(out *ClusterSpec) { *out = make([]string, len(*in)) copy(*out, *in) } + if in.NetworkRequireGateway != nil { + in, out := &in.NetworkRequireGateway, &out.NetworkRequireGateway + if *in == nil { + *out = nil + } else { + *out = new(bool) + **out = **in + } + } if in.Topology != nil { in, out := &in.Topology, &out.Topology if *in == nil { diff --git a/pkg/model/network.go b/pkg/model/network.go index 82339c0c57ec..0908df8ec957 100644 --- a/pkg/model/network.go +++ b/pkg/model/network.go 
@@ -109,13 +109,20 @@ func (b *NetworkModelBuilder) Build(c *fi.ModelBuilderContext) error { var publicRouteTable *awstasks.RouteTable { // The internet gateway is the main entry point to the cluster. - igw := &awstasks.InternetGateway{ - Name: s(b.ClusterName()), - Lifecycle: b.Lifecycle, - VPC: b.LinkToVPC(), - Shared: fi.Bool(sharedVPC), + var igw *awstasks.InternetGateway + + // Skip the creation of the Gateway if b.Cluster.Spec.NetworkRequireGateway is set to false. + if b.Cluster.Spec.NetworkRequireGateway != nil && !*b.Cluster.Spec.NetworkRequireGateway { + glog.Warningf("kops is skipping the creation of an Internet Gateway, as networkRequireGateway is set to false.") + } else { + igw = &awstasks.InternetGateway{ + Name: s(b.ClusterName()), + Lifecycle: b.Lifecycle, + VPC: b.LinkToVPC(), + Shared: fi.Bool(sharedVPC), + } + c.AddTask(igw) } - c.AddTask(igw) if !allSubnetsShared { publicRouteTable = &awstasks.RouteTable{ @@ -126,14 +133,19 @@ func (b *NetworkModelBuilder) Build(c *fi.ModelBuilderContext) error { } c.AddTask(publicRouteTable) - // TODO: Validate when allSubnetsShared - c.AddTask(&awstasks.Route{ - Name: s("0.0.0.0/0"), - Lifecycle: b.Lifecycle, - CIDR: s("0.0.0.0/0"), - RouteTable: publicRouteTable, - InternetGateway: igw, - }) + // If the gateway has not been created do not create the route + if igw != nil { + // TODO: Validate when allSubnetsShared + c.AddTask(&awstasks.Route{ + Name: s("0.0.0.0/0"), + Lifecycle: b.Lifecycle, + CIDR: s("0.0.0.0/0"), + RouteTable: publicRouteTable, + InternetGateway: igw, + }) + } else { + glog.Warningf("kops is skipping adding a default route to the kops managed route table, as networkRequireGateway is set to false.") + } } }
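Review bot: When the gateway is skipped, the `!allSubnetsShared` branch still creates a kops-managed route table with no default route, and nothing on the new side rejects a cluster that still depends on internet egress through it (public-topology subnets, an internet-facing API endpoint); if that combination is unsupported it should fail cluster validation rather than surface only as a `glog.Warningf` on every model build. The two warnings describe an operator-chosen configuration, so `glog.Infof` would be the usual level, and the condition `b.Cluster.Spec.NetworkRequireGateway != nil && !*b.Cluster.Spec.NetworkRequireGateway` is worth hoisting into a local such as `skipGateway := ...` so the second hunk can test the intent directly instead of `igw != nil`. Note also that omitting the task does not remove a gateway or route that an earlier apply created, so flipping the field to false on an existing cluster presumably leaves the old IGW and route in place — worth stating in the field's doc comment. The enclosing Build method starts before the first hunk and ends after the second.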